<?php
session_start();
require_once ('../../src/db/connectdatabase.php');
require_once ("../dao/AdminDAO.php");
require_once('../../src/control/RedirectForward.php');

$url = "admin/admin.php?c=changepass";

if(isset($_POST['oldPass']) && isset($_POST['newPass'])) {
	$usernameadmin = $_SESSION['adminlogindongduong'];
	$passold = $_POST['oldPass'];
	$passnew = $_POST['newPass'];
	
	
	if(checkLoginAdmin($usernameadmin, sha1($passold))) {
		//changpass
		if(updateAdmin($usernameadmin, sha1($passnew))) {
			$url .= "&mess=success";
		} else {
			$url .= "&mess=error";
		}
	} else {
		//khong hop le
		$url .= "&mess=error";
	}
}

redirect($url);
?>